Re: [SLUG] Re: XecureBrowser - looks like snake oil to me.
On Thu, November 11, 2010 11:38 am, Daniel Pittman wrote:

> It almost sounds like you are trying to disagree with me here, which seems strange, given that the issue in the article was that it turns out people with low levels of technical experience are vulnerable to social manipulation. I can't quite tell if you are disagreeing or not, though, which is strange. :)

agree with you, and, appreciate your concise summary of the XecureBrowser, likewise, I followed up the XecureBrowser link

yes, that's what I meant, here's another example

I just came across the NY article last night, when I saw your post, thought, hmmm, maybe the virus eradicator from NY now joined SLUG, as the post was still fresh in my mind (and opened in a TAB) I thought of posting from it

sorry for not making it more obvious.

--
Voytek

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Re: XecureBrowser - looks like snake oil to me.
Voytek Eymont li...@sbt.net.au writes:

> On Thu, November 11, 2010 11:38 am, Daniel Pittman wrote:
>
>> It almost sounds like you are trying to disagree with me here, which seems strange, given that the issue in the article was that it turns out people with low levels of technical experience are vulnerable to social manipulation. I can't quite tell if you are disagreeing or not, though, which is strange. :)
>
> agree with you, and, appreciate your concise summary of the XecureBrowser, likewise, I followed up the XecureBrowser link.
>
> yes, that's what I meant, here's another example

Ah. Sorry for the confusion, then. :)

> sorry for not making it more obvious.

I don't know I would, personally, assume that it was your side that slipped here. I am happy to say that this is not my most ... focused of days. ;)

Daniel

--
✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
Re: [SLUG] Re: XecureBrowser - looks like snake oil to me.
If you want a browser for banking.

1. Go and get firefox from https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/latest-3.6/linux-i686/en-GB/
2. disable all browser extensions and plugins (NO FLASH, JAVA ETC.)
3. install noscript.
4. ENSURE THAT YOU ARE GOING TO LOGIN TO HTTPS:// and not HTTP://

Also, if you are using anz you might want to get them to have a look at https://www.anz.com/crossdomain.xml ^ ^

--
The lunatic, the lover, and the poet,
Are of imagination all compact...
-- Wm. Shakespeare, A Midsummer Night's Dream
Re: [SLUG] Re: XecureBrowser - looks like snake oil to me.
the best solution... so far. since we could work out the security things by ourself..

On Thu, Nov 11, 2010 at 10:25 AM, dave b db.pub.m...@gmail.com wrote:

> If you want a browser for banking.
>
> 1. Go and get firefox from https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/latest-3.6/linux-i686/en-GB/
> 2. disable all browser extensions and plugins (NO FLASH, JAVA ETC.)
> 3. install noscript.
> 4. ENSURE THAT YOU ARE GOING TO LOGIN TO HTTPS:// and not HTTP://
>
> Also, if you are using anz you might want to get them to have a look at https://www.anz.com/crossdomain.xml ^ ^
>
> --
> The lunatic, the lover, and the poet,
> Are of imagination all compact...
> -- Wm. Shakespeare, A Midsummer Night's Dream

--
Linkedin : http://id.linkedin.com/in/mrpbpp
PGP ID : 0xDC3A483A
PGP Fingerprint : FCBE 697C 3C47 89D2 C28F 6C94 E607 7E99 DC3A 483A
See http://www.keyserver.net or any PGP keyserver for public key

Never Trust an Operating System You don't have the Source for...
Closed Source for device Driver are ILLEGAL and not Ethical... act!
Isn't it, MS Windows a real multitasking OS?, Why? 'Cause It can boot and crash simultaneously!
[SLUG] Re: XecureBrowser - looks like snake oil to me.
Mada R Perdhana mrp@gmail.com writes:

> I think, it is too careless if this is just a scam, because the developers also threw a request to the public (the information security community) to perform tests on their application.

This is a pretty certain sign of ... well, not a scam, but a sign that this is snake oil - something that doesn't really do what it claims.

The most important this is a sign of that is that it is an effort to prove that something is secure by demanding other people take the trouble to prove it is *not* secure.

Which fails disastrously: if no one in the security community actually bothers to test it, is it secure, or just untested?

It also fails disastrously because it proves that a set of people, if they actually bother, can't break it. That proves *nothing* about the ability of other folks to do so.

This /sounds/ like proof of security, but isn't (even if done as intended), which is a classic sign of snake oil.

> from existing web (https://www.xecureit.com/xb/), we could also see that they had an affiliation with ISACA and CISSP certification, which in my personal opinion it is too reckless to drag these two big names into, since it would make a big reaction from the information security communities.

No, there wouldn't, for several reasons. The most important one is that offering CISSP training has nothing at all to do with the secure browser they are offering, and they make absolutely no claim that it is connected.

The second, and pretty much equally important reason, is that the information security community doesn't really give a damn about a fight between Cisco and some tiny little company over the inappropriate use of a Cisco certification.

Now, you might make an argument that they were trying to conflate the presence of those things with any sort of actual security of the product - which would be supporting evidence that they were selling snake oil, not evidence against.

> Maybe some of security experts in here could also do some test with that thing, to prove whether xb just a scam or it is really works to secure ib transaction.

Why on earth would I spend my time trying to prove something like that, rather than just recommend things that are known and understood to work?

You seem to be assuming that the burden of proof is on the Internet security community to prove that this is a bad thing. That isn't really how actual security stuff works: there, the burden of proof is on the claimant.

If you want us to believe that XB is worth something, prove it. Show the proof that it actually, measurably improves user security.

> anyway, again.. everything returns to the user, to determine which are the most secure (or convenience?) way to conduct an ib transactions.

Are you trying to argue that popularity is a good way to identify the security of a product? Didn't FireSheep show us that was ... hard to support?

(Not to mention that we have decades of other proof that security is not a pressing concern for users, but whatever. :)

...and, frankly, that claim only serves to convince me that the term you want is sucker, not user, here: the audience are people who are convinced that there is some secret security sauce in the product without actually understanding anything about why it might make them more secure.

Daniel

--
✣ Daniel Pittman ✉ dan...@rimspace.net ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons